Understanding Phishing Attacks
Phishing is the number one cause of data breaches in UK organisations. Here's what you need to know.
Common Tactics
- Urgency & Fear — "Your account will be closed in 24 hours" to pressure you into acting without thinking.
- Impersonation — Pretending to be your bank, Microsoft, HMRC, or even your headteacher.
- Typosquatting — Using domains like m1crosoft.com or paypall.co.uk that look right at a glance.
- Malicious Attachments — "Please review the attached invoice" with a .zip or macro-enabled document.
How to Verify
- Check the sender address — Hover over the "From" name to see the actual email address. Does it match the real domain?
- Hover before you click — Preview link URLs before clicking. Does the URL go where you'd expect?
- Go directly — Instead of clicking links, navigate to the website directly by typing the known URL into your browser.
- When in doubt, report it — Forward suspicious emails to your IT team or report@phishing.gov.uk.
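The sender-address and link checks above, together with the typosquatting pattern under Common Tactics, can be automated on a mail gateway or in a triage script. The Python sketch below is an added example, not part of the original page; the trusted-domain list, the character-folding table, the function names and the sample message fields are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains this organisation genuinely deals with.
TRUSTED = ("microsoft.com", "paypal.co.uk", "hmrc.gov.uk")
# Fold characters that are commonly swapped for one another (1/i/l, 0/o, 5/s).
SKELETON = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = host.lower().rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    labels = host.split(".")
    for good in TRUSTED:
        # Compare the same number of trailing labels, so sub-domains of a fake match too.
        tail = ".".join(labels[-good.count(".") - 1:])
        if tail.translate(SKELETON) == good.translate(SKELETON) or edit_distance(tail, good) <= 1:
            return "lookalike", good
    return "unknown", None

def review(from_header, links):
    """Flag the sender and every link whose host imitates a trusted domain."""
    findings = []
    sender = parseaddr(from_header)[1].rpartition("@")[2]
    hosts = [("sender", sender)] + [("link", urlsplit(u).hostname or "") for u in links]
    for kind, host in hosts:
        verdict, good = classify(host)
        if verdict == "lookalike":
            findings.append(f"{kind} {host} imitates {good}")
    return findings

# Constructed sample message fields, not taken from a real email.
SAMPLE_FROM = '"Microsoft Support" <security@m1crosoft.com>'
SAMPLE_LINKS = ["https://login.paypall.co.uk/verify", "https://www.microsoft.com/"]

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_FROM, SAMPLE_LINKS)))
```

A verdict of "unknown" only means the host is neither trusted nor a near match, so it still needs the manual checks listed above.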
Clicked a Suspicious Link? Do This Now.
Disconnect from the network immediately (Wi-Fi and Ethernet).
Change passwords on a different, clean device.
Notify your IT team so they can investigate and contain any spread.
Run a full scan with your antivirus software.